Skip to main content
Version: Early Access

Sonatype Nexus IQ Plugin

The Release Sonatype Nexus IQ plugin is a Release plugin that enables the evaluation of a binary within the Nexus IQ server.

Important

Place the latest Release Sonatype Nexus IQ plugin jar file under the plugins directory in XLR and restart the XLR server.

Link to download the Sonatype Nexus IQ CLI jar file:  Nexus_IQ_CLI_jar

Features

This plugin creates the Evaluate Binary task that enables the evaluation of a binary within the Nexus IQ server.

Requirements

The Sonatype Nexus IQ plugin requires the following:

  • A Nexus IQ Server running
  • A Sonatype Nexus IQ CLI jar file

Set up a connection to the Nexus IQ Server

To set up a connection to the Nexus IQ server:

  1. From the navigation pane, click Configuration > Connections
  2. Under HTTP Server Connections, next to Nexusiq: Server, click Add button
    • In URL, enter the url where the Nexus Iq server is running
    • In Username, enter the username of the server
    • In Password, enter the password of the server
    • In CLI jar, enter the path of the CLI jar file
  3. To test the connection, click Test
  4. To save the configuration, click Save

XLR_NEXUS_IQ_CONNECTION

Start a release for Release Sonatype Nexus IQ plugin

  1. Create a folder for sonatype-nexus-iq
  2. Add a template for the created folder
  3. In the template, add the Evaluate Binary task which comes under Nexusiq
  4. In the Evaluate Binary task, provide:
    • The location of the binary to be evaluated, along with the access username and password for the location if needed
    • The name of the Application ID (Public ID)
    • The stage of the release to execute the binary
  5. Create a new release in the template
  6. Start the release by clicking the Start Release button

Evaluate_Binary_Release

Evaluate_Binary_Running_Release

Tile and Dashboard configuration

  1. On the completed release, select the Release Dashboard option from the dropdown list in the Show field which is present on the left side of the screen
  2. Click the Configure Dashboard button on the right side of the screen
  3. Click the Add Tiles button and add the NexusIQ tile from the available list
  4. Click the Configure option present in the NexusIQ tile.
  5. In the Tile Configuration window, select the Nexus Iq server, Application Id, Security level label and click Save
  6. After clicking the Save button, the NexusIQ dashboard appears on the screen showing the details in the form of a dashboard

Tile Configuration

Dashboard Configuration

Report creation

To create a report:

  1. From the navigation pane, under Reports, click Audit report
  2. Click the button Generate new report
  3. Select Time period
  4. Go to Preview results button
  5. Click the Generate report button
  6. Download the generated report
  7. Extract it and verify the extracted reports

On Success: In the extracted folder's root directory, there is an overall report and you can find reports for individual releases in the reports folder. In individual release reports, for plugins without CoC information, the Security and Compliance tab will not appear; but for plugins with CoC, you can see the tab.

Report_Generation

Report_xl

On Failure: The created report for a failed task should show the Compliance check as failed.

Failure_Report

Failure_Report_xl